05-22-2015 12:04 AM - edited 03-08-2019 12:07 AM
I am confused about the functions of Unicast RPF and Reverse Path Forwarding.
What is the difference between Unicast RPF and Reverse Path Forwarding?
Because they both verify the source address of each packet before forwarding it to the destination too?
Is Reverse Path Forwarding used only when the network wants to build a shared tree of multicast communication, and then we need to use Unicast RPF after the shared tree is created?
05-22-2015 01:49 AM
Please refer to the link below. Let me know if you need more info.
http://en.wikipedia.org/wiki/Reverse_path_forwarding
Thanks,
Muthu.
05-22-2015 01:50 AM
I read that wiki already but I still don't get it.
05-22-2015 02:28 AM
Hard to answer without context. But here is my guess. Unicast RPF is an anti-spoofing mechanism and RPF is the method used to forward multicast packets.
05-22-2015 02:35 AM
But both of them check the source address.
You mean Unicast RPF only filters, but RPF not only checks but also forwards a packet to the destination?
05-22-2015 02:42 AM
AFAIK both will forward the packet, and the anti-spoofing mechanism is supported. The only terminology we use for unicast packets is uRPF, and for multicast we use RPF.
Thanks,
Muthu.
05-22-2015 03:55 AM
But for the anti-spoofing mechanism, why is only uRPF referred to while RPF is not?
05-22-2015 04:38 AM
The mechanism of RPF is mainly used to ensure loop-free routing of traffic.
As you probably already read, it does so by ensuring that its route to the source address of a received packet is reached through the same interface that the packet came in on. Think of the "root port" concept in STP; all root ports look to the root, like sunflowers follow the sun. Therefore this is innately a loop prevention mechanism.
With multicast traffic it is quite likely to create routing loops due to its "multi-destination" nature of traffic flow. Because of this, employing a mechanism such as RPF allows you to ensure that you are on the "root route" (so-to-speak) back to the source from which the multicast traffic originated. Otherwise if you're not then you are either receiving this traffic off a looped route, or a suboptimal path.
uRPF essentially works in the same manner, except it does so for unicast traffic instead. Now with unicast traffic your flow is coming from one source and heading to one destination. Given that, as well as the fact that you are using a dynamic routing algorithm (which selects the path to a destination), you cannot have routing loops in your network for unicast traffic flows; of course there can be exceptions with route redistribution configuration pitfalls.
However RPF when applied to unicast traffic can add another advantage, and that is source IP verification. Therefore we can use it as a security mechanism to ensure that the data is originating from where it is supposed to originate from.
On the L2 boundary, you then have mechanisms such as IP source guard to ensure that the exact host isn't spoofing their IP address.
Analogously, RPF can be used for source verification for multicast traffic, and it is intrinsically doing that; however, the more important role is for it to be used to ensure loop-free routing of multicast traffic.
I hope I've helped clear things up and not confused you any more with all of this.
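The check described in the answer above, as an added example that is not part of the original thread: one lookup on the packet's source address, compared with the arrival interface, serves both as the unicast anti-spoofing filter and as the multicast loop-prevention test. The routing table, interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a hypothetical router: (prefix, interface).
FIB = [
    ("10.1.0.0/16", "Gi0/1"),   # customer LAN
    ("10.1.5.0/24", "Gi0/3"),   # more specific route inside the LAN range
    ("192.0.2.0/24", "Gi0/2"),  # network where the multicast source lives
]

def rpf_interface(src, fib=FIB):
    """Longest-prefix match on the SOURCE address: the interface this
    router would itself use to reach src, or None if there is no route."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rpf_check(src, in_iface, fib=FIB):
    """Pass only if the packet arrived on the interface leading back to src."""
    expected = rpf_interface(src, fib)
    return expected is not None and expected == in_iface

def handle(src, dst, in_iface):
    """Return (verdict, traffic kind). The same test is applied to both kinds."""
    kind = "multicast" if ipaddress.ip_address(dst).is_multicast else "unicast"
    return ("accept" if rpf_check(src, in_iface) else "drop", kind)

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, arrival interface).
    packets = [
        ("10.1.2.3", "198.51.100.7", "Gi0/1"),  # LAN host on the LAN interface
        ("10.1.2.3", "198.51.100.7", "Gi0/2"),  # LAN source on the wrong interface
        ("10.1.5.9", "198.51.100.7", "Gi0/1"),  # more specific route points elsewhere
        ("192.0.2.10", "239.1.1.1", "Gi0/2"),   # multicast on the path to its source
        ("192.0.2.10", "239.1.1.1", "Gi0/1"),   # looped or off-path multicast copy
        ("203.0.113.5", "10.1.2.3", "Gi0/2"),   # no route back to the source
    ]
    for src, dst, iface in packets:
        print(src, dst, iface, handle(src, dst, iface))
```
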
05-22-2015 07:12 AM
Thanks John. I understand the difference between them better after reading your explanation, although about 15-20% of your explanation doesn't answer the whole of my question.
05-22-2015 08:40 AM
Glad I could be of help thsecmaniac. :-)